Thirdeye

Malware Profile Updated 3 months ago
ThirdEye is an infostealer that has been identified as a significant threat to Windows devices. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it steals personal information, disrupts operations, and can potentially hold data hostage for ransom. ThirdEye primarily spreads through email (#9001, #9002) and HTTP/S transfers (#8999, #9000), typically as a compressed attachment. It has been observed performing lateral movement within networks, indicating its ability to spread across multiple systems. The malware's lifecycle involves writing itself to disk (#8997) and initiating a pre-execution phase (#8998) at the host level, which lets it establish a strong foothold in infected systems and makes it challenging to detect and remove. SafeBreach has provided coverage of ThirdEye's behavior, documenting its methods of infiltration, lateral movement, and overall operation within compromised systems. Alongside the many infostealers active today, such as Raccoon, RedLine, Vidar, and ThirdEye, there is growing concern about a newer, still little-known malware named ExelaStealer, which is believed to be even more dangerous. The focus here nonetheless remains on ThirdEye, given its recent surge in activity and its targeting of Windows devices, which pose a new threat to users worldwide. With its sophisticated techniques and stealthy operation, ThirdEye exemplifies the evolving challenges in the field of cybersecurity.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Infostealer
Malware
Fortiguard
Windows
Lateral_move...
Gbhackers
Infiltration
Fortinet
Infostealer ...
Uptycs
Associated Malware
ID | Type | Votes | Profile Description
Redline | Unspecified | 1 | RedLine is a notorious malware, discovered in March 2020, designed to exploit computer systems and steal sensitive personal information such as login credentials, cryptocurrency wallets, and financial data. It exports this stolen data to its command-and-control infrastructure. The malware has been u
Vidar | Unspecified | 1 | Vidar is a Windows-based malware written in C++, derived from the Arkei stealer, which is designed to infiltrate and exploit computer systems. It has been used alongside other malware variants such as Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2,
Raccoon | Unspecified | 1 | Raccoon is a highly potent and cost-effective Malware-as-a-Service (MaaS) primarily sold on dark web forums, used extensively by Scattered Spider threat actors to pilfer sensitive data. As per the "eSentire Threat Intelligence Malware Analysis: Raccoon Stealer v2.0" report published on August 31, 20
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
Thirdeye | Unspecified | 1 | None
Source Document References
Information about the Thirdeye malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 8 months ago | Sophisticated Booking.com Scam Targeting Guests with Vidar Infostealer
CERT-EU | 9 months ago | New Windows Infostealer 'ExelaStealer' Being Sold on Dark Web
CERT-EU | 10 months ago | ZenRAT Malware Uncovered in Bitwarden Impersonation
CERT-EU | a year ago | Akira Ransomware, 8Base Ransomware, and more: Hacker’s Playbook Threat Coverage Round-up: August 22, 2023
Fortinet | a year ago | New Fast-Developing ThirdEye Infostealer Pries Open System Information | FortiGuard Labs
CERT-EU | a year ago | New report shows 27% revenue growth for Jade Software NZ
CERT-EU | a year ago | Meduza Stealer Targets Windows Users With Advanced Tactics
CERT-EU | a year ago | The Good, the Bad and the Ugly in Cybersecurity - Week 26 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | ThirdEye: New Infostealer is Targeting Open System Information | IT Security News
CERT-EU | a year ago | Cyber Security Today, June 30, 2023 – Good news and bad news about ransomware | IT World Canada News
Securityaffairs | a year ago | Previously undetected ThirdEye appears in the threat landscape
CERT-EU | a year ago | ThirdEye - A new Infostealer Malware Steal BIOS & Hardware Data
CERT-EU | a year ago | ThirdEye – A new Infostealer Malware Steal BIOS & Hardware Data | IT Security News
CERT-EU | a year ago | Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
CERT-EU | a year ago | Newly Surfaced ThirdEye Infostealer Targeting Windows Devices
CERT-EU | a year ago | ThirdEye Infostealer Poses New Threat to Windows Users
CERT-EU | a year ago | New Fast-Developing ThirdEye Infostealer Pries Open System Information | FortiGuard Labs